[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Mon Jan 23 14:16:33 UTC 2017


The branch OpenSSL_1_0_2-stable has been updated
       via  e203f493f6387ab14c3b4d9c1b668e9d199e8ec3 (commit)
      from  149e98dc5fe9ef172d12f329292e9d356705b646 (commit)


- Log -----------------------------------------------------------------
commit e203f493f6387ab14c3b4d9c1b668e9d199e8ec3
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Nov 22 17:37:34 2016 +0000

    Fix SSL_VERIFY_CLIENT_ONCE
    
    The flag SSL_VERIFY_CLIENT_ONCE is documented as follows:
    
      B<Server mode:> only request a client certificate on the initial TLS/SSL
      handshake. Do not ask for a client certificate again in case of a
      renegotiation. This flag must be used together with SSL_VERIFY_PEER.
    
      B<Client mode:> ignored
    
    But the implementation actually did nothing. After the server sends its
    ServerKeyExchange message, the code was checking s->session->peer to see if
    it is NULL. If it was set then it did not ask for another client
    certificate. However s->session->peer will only be set in the event of a
    resumption, but a ServerKeyExchange message is only sent in the event of a
    full handshake (i.e. no resumption).
    
    The documentation suggests that the original intention was for this to
    have an effect on renegotiation, and resumption doesn't come into it.
    
    The fix is to properly check for renegotiation, not whether there is already
    a client certificate in the session.
    
    As far as I can tell this has been broken for a *long* time.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1984)

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_srvr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 0e57cb3..ea56f9c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -506,7 +506,7 @@ int ssl3_accept(SSL *s)
                     * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
                     * during re-negotiation:
                     */
-                   ((s->session->peer != NULL) &&
+                   (s->s3->tmp.finish_md_len != 0 &&
                     (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
                    /*
                     * never request cert in anonymous ciphersuites (see
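Review bot: On the `+` line, `s->s3->tmp.finish_md_len != 0` is used as the renegotiation test, but nothing in the hunk explains why a non-zero Finished length identifies a renegotiation. The comment above it still says only "don't request cert during re-negotiation". Consider extending that comment with one sentence on what the field indicates at this point in `ssl3_accept`, or wrapping the test in a named macro so the intent is readable at the call site. Dropping `s->session->peer != NULL` also means the request is now skipped on every renegotiation when `SSL_VERIFY_CLIENT_ONCE` is set, whether or not the initial handshake actually yielded a client certificate. That matches the documentation quoted in the commit message, but it is a behaviour change for callers that relied on the flag having no effect, so it deserves a line in the comment or in CHANGES. The diffstat shows only `ssl/s3_srvr.c` touched. Since the commit message says this has been broken for a long time, a regression test that renegotiates with the flag set and asserts that no CertificateRequest is sent would keep it from regressing again.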

